Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1820
Views
0
Helpful
2
Replies

Install Duo via GPO only once

smithaetg
Level 1
Level 1

‎08-23-2021 08:42 AM

Hello Community.
I have followed the instructions for “Deploying Duo Authentication for Windows Logon to clients using Active Directory”. The group policy created with these steps works great. Now what I am looking for is a way for this group policy to NOT run (and re-install Duo) every time the server or PC gets rebooted.
I’ve read up on a way to create environment variables in a GPO and then create a WMI filter to use those variables to check if Duo is installed or not. That way the GPO will only run if Duo is NOT installed. However, I’m not very familiar with WMI filters. Also, the only filter I can find is for .exe files and I can’t find any .exe files for Duo (only .dll files).
Does anyone in the community have any experience in getting Duo deployed via GPO and getting the GPO to only run ONCE (e.g. when Duo is not installed)?

0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎08-27-2021 09:38 AM

GPO shouldn’t reinstall, unless the version of the GPO changes.
Apps installed via GPO get recorded here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt\

Are you actually seeing reinstalls?

0 Helpful

smithaetg
Level 1
Level 1
In response to Ken Stieers

‎08-30-2021 09:14 AM

@kstieers ,
Thank you for your reply! No, I have not been seeing re-installs. Just trying to be proactive before I apply the GPO to all of the PCs and servers in our environment. You’re the third person to confirm that the GPO shouldn’t re-install the software (the other two were Duo support techs). So I’ve been trying to test the GPO I created to make sure it won’t re-install the software and I’ve run into an weird issue that has been escalated to Duo’s Windows engineering team. Maybe you’ve seen this related problem with Duo or other software you’ve installed via GPO:

In testing the GPO, I’ve manually (under the PC’s Apps and Features) uninstalled Duo and rebooted the PC so that Duo can be installed via GPO. What’s weird is that the GPO will add the app’s information into the registry, but the actually application won’t be installed onto the hard drive (no Duo Security folders in C:\Program Files or C:\ProgramData. I know the GPO works because it will install Duo on a PC or server that has never had Duo installed on it. I did a lot of internet searching (mostly coming up with Microsoft documentation and forums) on the problem of applications not being installed via GPO and I tried quite a few of their solutions. Mostly adjusting the installer GPO so that it waits until the PC has a network connection.
So, as I wait for support to update the ticket, I’m wondering if you or anyone else in the community has had experience with this strange issue.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents